Governance, risk and compliance

Address threats to your projects and operations before hackers can exploit them by integrating best practices for handling risks, managing controls and barriers, and ensuring you are up to date and comply with the latest standards and regulations.

Understand risk in your operational technology (OT) and IT and infrastructure, build a powerful force of defence against cyber attacks, and win stakeholder support for your governance, risk and compliance strategies.

DNV combines specialist industry knowledge with engineering expertise and information system best practice to assess your critical infrastructure from every angle. We help you see your information and control systems clearly and completely, giving practical advice on the vulnerabilities and non-conformities you must address to stay confidently cyber secure.


Build cyber security resilience

Overcome gaps in your organization’s cyber security defences to ensure the resilience of your critical information systems, and boost confidence that your processes and procedures cover the latest threats and industry best practices.


Our governance, risk & compliance services

Our robust governance, risk and compliance services enable you to establish cyber security maturity across your organization, including:

  • OT and IT risk and maturity assessments
    Understand where your technology, processes and people are exposed, and the technical, administrative and physical controls you need to implement to reduce the likelihood and consequence of cyber attacks.
  • Standards gaps analysis and compliance
    Identify the cyber security standards and regional/national regulations that apply to your organization and industry, including IEC 62443 for OT systems, ISO 27001 ISMS for IT and the NIST framework. We support you to find the gaps before they are exploited.
  • Cyber security management
    Implement a fully documented risk management system with the support of our dedicated risk management tool and practical advice on the policies and procedures you need to stay cyber secure.
  • Control room security
    Identify and address critical security gaps in your control rooms and operations centres through our independent assessments of your cyber security exposure and advice on barriers to reduce the likelihood and consequences of cyber incidents.
  • Cloud deployment assessments
    Assess risk, ensure compliance and safely deploy business-critical assets to the cloud by adopting industry best practices for cloud security, including CIS Benchmarks, ISO 27005 and NIST.
  • Cyber security due diligence
    Verify that critical infrastructure and information systems meet relevant standards and regulation, and are compliant with best practices in people, technology and processes through our red flag assessments.
  • Supply chain audits
    Ensure that suppliers and vendors comply with your cyber security requirements. We audit cyber security across your entire supply chain to identify and eliminate the risk of third-party compromise.
  • Cyber security incident preparedness
    Prepare your organization to tackle incidents before they occur through proactive planning, training and testing of cyber security incident management processes.
  • Maritime cyber secure class notation
    Demonstrate cyber security capabilities and IMO compliance with DNV Cyber secure class notation. The class notation has been developed to address the cyber security of a vessel’s main functions and the owner’s operational needs. It establishes recognised requirements for vessels and offshore units in operation and newbuilds across different segments and security levels. Find out more

Why work with DNV?

As a leading independent expert in risk assessment and mitigation, DNV has the tools, methodology, competence and domain knowledge that you need to address the safety and security of your critical OT and IT infrastructure. Our services will allow you to establish and implement transparent and trustworthy cyber security policies, and provide the evidence, assurance and certification needed to overcome challenges with resourcing and budgeting programmes or the communication of cyber security procedures within your organization.